12TH NOVEMBER 2014 CYBER SECURITY | THREATS DAVID CROZIER – TECHNICAL MARKETING MANAGER @DAVID_CROZIER
Jul 12, 2015
David Crozier
Technical Marketing Manager at QUB’s Centre for Secure Information Technologies (CSIT)
Responsible for marketing of commercial R&D, IP, MSc and membership programmes and planning
its annual World Cyber Security Technology Research Summit.
Currently advises the Northern Ireland Organised Crime Task Force on cyber and cyber-enabled crime.
Holds a BSc Computer Science and MSc Innovation & Entrepreneurship from the University of Ulster.
Vision
Our vision is to establish a global innovation hub for cyber security, to accelerate new value creation, drive new venture creation and build capacity for the cyber security industry, whilst not compromising on research excellence
GLOBAL INNOVATION HUB FOR CYBER SECURITY
CSIT within the Innovation landscape
[Figure: CSIT within the innovation landscape, plotted against Technology Readiness Levels (TRLs) 1 to 9. Labels: EPSRC – Responsive Mode Research CASE, PhDs; Horizon 2020 Collaborative R&D; SBRI, KTP, Innovation Voucher; SMART; EPSRC; Innovate UK; CSIT - IKC; Contract Development; VCs, Angels etc.; Technology Deployed, Spinouts]
Open Innovation Model
THINK
How much is your data worth?
Perception
• Trending to zero
Reality
• $20 per user (Google, 2006)
• $30 per user (Facebook, 2012)
• $42 per user (Facebook, 2014)
What are they after?
Categories of Threats
Viruses, Worms, Spam
• Targets: Corporations, Individuals
• Skill Level: Low
• Example: Phishing, Malware
• Objective: Financial Gain
Insider threat, Insider sabotage
• Targets: Corporations, Individuals
• Skill Level: Low-Med
• Example: Destruction, Theft
• Objective: Revenge, Monetary Gain
Hacktivists
• Targets: Corporations, Individuals, Governments
• Skill Level: Low-Med
• Example: DDOS, Anonymous, Wikileaks, Lulzsec
• Objective: Defamation, Notoriety
Terrorists
• Targets: N/A
• Skill Level: Low-Med
• Example: Al-Qaeda Sites, ISIS Recruitment
• Objective: Fundraising, Propaganda, Recruitment
Organised Crime
• Targets: Retailers, Financial Services, Individuals
• Skill Level: High
• Example: Carding, ACH, PII
• Objective: Financial Gain
State Sponsored
• Targets: Intellectual Property, Negotiation positions, Legal posture, R&D, Weapons
• Skill Level: High
• Example: Chinese Hackers, APTs, ICS SCADA
• Objective: Economic, Political Advantage
Amended from original and used with permission from – Paul C Dwyer, Cyber Risk International Ltd
The Insider Threat
“A person who exploits, or has the intention to exploit, their legitimate access to an organisation’s assets for unauthorised purposes.”
• Gender: 82% Male, 18% Female
• Age: 49% 41-45 Years Old
• Contract: 88% Permanent Staff
• Job Type: Customer Service (20%), Financial (11%), Security (11%)
• Role: 45% Managers, 49% Administrative/Support Roles
• Duration: 6 Months (41%), 5+ Years (11%)
• Time in Service: < 5 Years (60%)
CPNI Insider Data Collection Study 2013
Detecting The Insider Threat
Threat Indicators:
Anomaly Detection
• Physical/Remote Access Patterns
• Data Access Patterns
• Communication Channels (Email, Phone, IM)
IT Observables
• Data Exfiltration
• Resource Usage (Systems, Printers, Data Storage)
• Access Violations (Resource Probing)
Evidential Reasoning
• Criminology Profiles (Immature, Self-Esteem, Impulsive)
• Motivation Analysis (Grievances, HR Reports)
• Behavioural Evidence (Stressed, Adverse Life Events)
The Increasing Network Perimeter
Multiple Access Points
• Distributed Corporate Systems
• Third-party IT Providers
• Wireless Connectivity Support
• 3G/4G Pervasiveness
• BYOD Support
• Collaborative Data Sharing Tools
Compliance and certification is enough – Right?
Wrong!
• Payment Card Industry Data Security Standard (PCI DSS)
• ISO 27001:2013
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Ethical Hacker (CEH)
These are only a starting point, baselines.
You need to aim for Compliance Plus+ in relation to cyber security.
Cyber Security is not just IT's problem
CEO
CIO CFO COO CMO
Not knowing is not good enough anymore
If, not when.
• Protect & Prepare
• Detect & Analyse
• Containment, Eradication and Remediation
• Post-mortem
Threat Intelligence Sharing
The Cyber-security Information Sharing Partnership (CiSP), part of CERT-UK, is a joint industry and government initiative to share cyber threat and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact on UK business.
CiSP members receive enriched cyber threat and vulnerability information from the ‘Fusion Cell’, a joint industry and government analytical team who examine, analyse and feed back cyber information from a wide variety of data sources.
600 Organisations and 1700 Individuals signed up for this free service as of summer 2014.
Incident Reporting
• Significant under-reporting in Northern Ireland
• New reporting portal for industry only being tested
• Will support business case for further investigative resources
• PSNI are mindful of reputational damage.
• Investigation processes updated accordingly to minimise negative commercial impact.
Growth Prospects
• Global Cybersecurity market size:
  • £136Bn (K-Matrix, May 2013)
  • £51Bn (Markets and Markets, 2012)
• UK Cybersecurity market size:
  • £4.3Bn (K-Matrix, May 2013)
  • £2.8Bn growing to £3.4Bn by 2017 (PAC, 2013)
• Importance to UK
  • National Cybersecurity Strategy
  • Major Businesses (BAE Systems, Thales UK, QinetiQ, BT), specialist consultants (KPMG, PwC), UK based FDI (IBM, Intel, Microsoft, Lockheed Martin, CGI) and numerous SMEs
  • Cyber Growth Partnership
  • Government have targeted £2Bn by 2016 for exports (£850M in 2012)
  • 135% Growth
Emergent Industry
Industry Informed & Work Placement Opportunities
• Feedback incorporated into course structure & module content
• McAfee providing lecture material to support Malware module
• Invited seminars and special guest lectures from industry experts
• Internship and work placement opportunities will be open to students accepted for enrolment on the MSc in Cyber Security
MSc in Cyber Security
Q&A
@DAVID_CROZIER